These Fake Android File Manager Apps Steal Bank Credentials

Android device owners beware: more malicious apps have been discovered on the Google Play Store. Bitdefender cybersecurity team claims that several fake Android file manager apps infect Android devices with SharkBot banking malware. These fake apps are no longer available on the store, but they may still be on your phone. Screenshots of store pages show that thousands of Android users have downloaded these malicious apps.

As beeping computer explains, the SharkBot malware attempts to steal bank accounts by displaying fake login forms in addition to legitimate login prompts found in banking apps. If you enter your username and password in the fake form, it will be sent to a hacker, who can then use it to infiltrate your account and steal your money.

In September, we warned of SharkBot malware disguised as phone-cleaning apps. Now, threat actors seem to have moved on to file manager apps. One such app (no longer on Google Play) was X-File Manager, with over 10,000 downloads.

X-File Manager installs malware on Android devices.
X-File Manager installs malware on Android devices. Image source: Bitdefender

While downloading the application, users should not be wary. The app asks for a bunch of invasive permissions, including reading and writing external storage, installing and removing packages, and accessing account details. But this is a file manager application. It makes sense that it requires more permissions than an average productivity app.

Eventually, the app downloads the malicious payload and prompts the user to install an update. In reality, the user installs the SharkBot malware.

According to Bitdefender, this campaign specifically targets users in Great Britain and Ireland. If the app detects a SIM card from these regions, it will download the malware. Banking apps targeted by the campaign include Barclays, Bank of Ireland Mobile Banking, Santander Mobile Banking and HSBC UK Mobile Banking.

Other apps according to Bitdefender infected Android devices, including “FileVoyager”, “Phone AID, Cleaner, Booster” and “LiteCleaner M”. If you have any of these apps on your Android device, remove them as soon as possible.

READ MORE: 4 Dangerous Android Malicious Apps Discovered on Google Play